1z0-1104-22 Tested & Approved Oracle Cloud Infrastructure Study Materials [Q29-Q54]

1z0-1104-22 Tested & Approved Oracle Cloud Infrastructure Study Materials

Validate your Skills with Updated Oracle Cloud Infrastructure Exam Questions & Answers and Test Engine

Oracle 1z0-1104-22 Exam Syllabus Topics:

Topic	Details
Topic 1	Describe key capabilities provided by Data Safe Use Compartments to isolate resources
Topic 2	Understand and implement Security Zones and Security Advisor Understand MFA, Identity Federation, and SSO
Topic 3	Design and implement a logging and logging analytics solution Secure connectivity of hybrid networks (Site-to-Site VPN, FastConnect)
Topic 4	Configure Dynamic Groups, Network Sources, and Tag-Based Access Control Secure connectivity of virtual networks (DRG v2, Peering)
Topic 5	Describe the use case for auditing and review OCI Audit Logs Implement conditional and advanced policies
Topic 6	Configure security for Oracle Autonomous Database and DB Systems Describe the use case for Penetration and Vulnerability Testing

 

NEW QUESTION 29
Cloud Guard detected a risk score of zero in the dashboard, what does this mean ?

• A. Risk score doesn't say anything. These are just numbers
• B. LOW or MINOR issues
• C. Larger number of problems that have high risk levels ( HIGH or CRITICAL )
• D. No problem detected for any resource

Answer: D

Explanation:

 

NEW QUESTION 30
what is the use case for Oracle cloud infrastructure logging analytics service?

• A. monitors, aggregates, indexes and analyzes all log data from on-premises.
• B. automatically create instances to collect logs analysis and send reports
• C. automatically and manage any log based on a subscription model
• D. labels data packets that pass through the internet gateway

Answer: A

Explanation:
Oracle Cloud Infrastructure Logging Analytics is a machine learning-based cloud service that monitors, aggregates, indexes, and analyzes all log data from on-premises and multicloud environments. Enabling users to search, explore, and correlate this data to troubleshoot and resolve problems faster and derive insights to make better operational decisions.
https://www.oracle.com/manageability/logging-analytics/

 

NEW QUESTION 31
With regard to OCI Audit Log Service, which of the statement is INCORRECT?

• A. Audit Events gets collected when modification within objects stored in an Object Storage bucket
• B. REST API calls can be recorded by Audit service
• C. Events logged by the Audit service can be viewed by using the Console, API, or the SDK for Java
• D. Retention period for audit events cannot be modified

Answer: A

 

NEW QUESTION 32
Which IAM policy should be created to give XYZ the ability to list contents of a resource excluding the f needs to authenticate in prod compartment ? Principle of least priviledge should be used.

• A. Allow group XYZ to use all resources in compartment != prod
• B. Allow group XYZ to read all resources in tenancy where target.compartment.name != prod
• C. Allow group XYZ to manage all resources in compartment != prod
• D. Allow group XYZ to inspect all resources in tenancy where target.compartment.name != prod

Answer: D

Explanation:

 

NEW QUESTION 33
Bot Management in OCI provides which of the features? Select TWO correct answers.

• A. CAPTCHA Challenge
• B. Bad Bot Denylist
• C. Good Bot Allowlist
• D. IP Prefix Steering

Answer: A,C

Explanation:

 

NEW QUESTION 34
What would you use to make Oracle Cloud Infrastructure Identity and Access Management govern resources in a tenancy?

• A. Policies
• B. Dynamic groups
• C. Users
• D. Groups

Answer: A

Explanation:
POLICY
A document that specifies who can access which resources, and how. Access is granted at the group and compartment level, which means you can write a policy that gives a group a specific type of access within a specific compartment, or to the tenancy itself. If you give a group access to the tenancy, the group automatically gets the same type of access to all the compartments inside the tenancy. For more information, see Example Scenario and How Policies Work. The word "policy" is used by people in different ways: to mean an individual statement written in the policy language; to mean a collection of statements in a single, named "policy" document (which has an Oracle Cloud ID (OCID) assigned to it); and to mean the overall body of policies your organization uses to control access to resources.
https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/overview.htm

 

NEW QUESTION 35
Which statements are CORRECT about Security Zone policy in OCI ? Select TWO correct answers

• A. Resources in a security zone must be accessible from internet
• B. Block volume can be moved from a security zone to a standard compartment
• C. Resources in a security zone must be encrypted using customer-managed keys
• D. Bucket can't be moved from a security zone to a standard compartment

Answer: C,D

Explanation:

 

NEW QUESTION 36
What does the following identity policy do?
Allow group my-group to use fn-invocation in compartment ABC where target.function.id = '<function-OCID>'

• A. Enables users to invoke all the functions in a specific application
• B. Enables users to invoke all the functions in a compartment except for one specific function
• C. Enables users in a group to create, update, and delete ALL applications and functions in a compartment
• D. Enables users to invoke just one specific function

Answer: D

 

NEW QUESTION 37
Which statement is true about origin management in WAF?
Statement A: Multiple origins can be defined.
Statement B: Only a single origin can be active for a WAF.

• A. Both the statements are false.
• B. Only statement A is true.
• C. Only statement B is true.
• D. Both the statements are true.

Answer: D

 

NEW QUESTION 38
When does Cloud Guard re-open an issue and update the history?

• A. If it detects an issue for a previously resolved configuration problem
• B. If it detects an issue for a previously dismissed configuration problem
• C. If it detects an issue for a previously resolved/dismissed activity problem
• D. If it detects an issue again for an Open (unresolved) problem

Answer: A

Explanation:
If Cloud Guard detects an issue again for:
An Open (unresolved) problem, it updates the problem history, but doesn't create a new problem.
A previously solved problem, it reopens the issue and updates the history.
A previously dismissed problem, it updates the history.
https://docs.oracle.com/en-us/iaas/cloud-guard/using/problems-page.htm

 

NEW QUESTION 39
A number of malicious requests for a web application is coming from a set of IP addresses originating from Antartica.
Which of the following statement will help to reduce these types of unauthorized requests ?

• A. Delete NAT Gateway from Virtual Cloud Network
• B. List specific set of IP addresses then deny rules in Virtual Cloud Network Security Lists
• C. Use WAF policy using Access Control Rules
• D. Change your home region in which your resources are currently deployed

Answer: C

 

NEW QUESTION 40
With regard to vulnerability and cloud penetration testing, which rules of engagement apply? Select TWO correct answers.

• A. Any port scanning must be performed in an aggressive mode
• B. You are responsible for any damages to Oracle Cloud customers that are caused by your testing activities
• C. Testing should target any other subscription or any other Oracle Cloud customer resources
• D. Physical penetration and vulnerability testing of Oracle facilities is prohibited

Answer: B,D

Explanation:

 

NEW QUESTION 41
When using Management Agent to collect logs continuously, which is the required configuration for OCI Logging Analytics to retrieve data from numerous logs for an instance?

• A. Entity - Source Association
• B. Agent - Entity Association
• C. Entity - Agent Association
• D. Source-Entity Association

Answer: D

Explanation:

 

NEW QUESTION 42
Which volume type contains the image used to boot a compute instance?

• A. Block volume
• B. Boot volume
• C. Init 6 volume
• D. Startup volume

Answer: B

Explanation:
Boot Volumes
When you launch a virtual machine (VM) or bare metal instance based on a platform image or custom image, a new boot volume for the instance is created in the same compartment. That boot volume is associated with that instance until you terminate the instance. When you terminate the instance, you can preserve the boot volume and its data
https://docs.oracle.com/en-us/iaas/Content/Block/Concepts/bootvolumes.htm

 

NEW QUESTION 43
What must be configured for a load balancer to accept incoming traffic?

• A. Listener
• B. Route table entry pointing to the listener IP address
• C. Service Gateway
• D. SSL certificate

Answer: A

Explanation:
A listener is an entity that checks for connection requests. The load balancer listener listens for ingress client traffic using the port you specify within the listener and the load balancer's public IP.
https://docs.oracle.com/en-us/iaas/Content/GSG/Tasks/loadbalancing.htm
To create a listener:
On your Load Balancer Details page, click Listeners.
Click Create Listener.
Enter the following:
Name: Enter a friendly name. Avoid entering confidential information.
Protocol: Select HTTP.
Port: Enter 80 as the port on which to listen for incoming traffic.
Backend Set: Select the backend set you created.
Click Create.

 

NEW QUESTION 44
Which challenge is generally the first level of bot mitigation, but not sufficient with more advanced bot tools?

• A. Device fingerprint challenge
• B. CAPTCHA challenge
• C. Human interaction challenge
• D. JavaScript challenge

Answer: D

 

NEW QUESTION 45
A company has OCI tenancy which has mount target associated with two File Systems, CG_1 and CG_2. These File Systems are accessed by IP-based clients AB_1 and AB_2 respectively. As a security administrator, how can you provide access to both clients such that CGI has Read only access on AB1 and CG_2 has Read/Write access on AB_2?

• A. Vault
• B. NFS Export Option
• C. NFS v3 Unix Security
• D. Access Control Lists

Answer: B,C

Explanation:

 

NEW QUESTION 46
A http web server hosted on an Oracle cloud infrastructure compute instance in a public subnet of the vcsl virtual cloud network has a stateless security ingress rule for port 80 access through internet gateway stateful network security group notification for port 80 how will the Oci vcn handle request response traffic to the compute instance for a web page from the http server with port 80?

• A. due to the conflict in security configuration inbound request traffic would not be allowed
• B. the union of both configuration would happen and allow both inbound and outbound traffic
• C. Because there is no Egress ruled defined in Security List, The Response would not pass through Internet Gateway.
• D. network security group would supersede the security utility list and allow both inbound and outbound traffic

Answer: C

 

NEW QUESTION 47
Which statements are CORRECT about Multi-Factor Authentication in OCI ? Select TWO correct answers

• A. Users cannot enable MFA for themselves
• B. Members of the Administrators group can disable MFA for other users
• C. Members of the Administrators group cannot enable MFA for another user
• D. A user can register multiple devices to use for MFA.

Answer: B,C

Explanation:

 

NEW QUESTION 48
Logical isolation for resources is provided by which OCI feature?

• A. Tenancy
• B. Availability Zone
• C. Compartments
• D. Region

Answer: C

 

NEW QUESTION 49
As a solutions architect, you need to assist operations team to write an I AM policy to give users in group-uat1 and group- uat2 access to manage all resources in the compartment Uat. Which is the CORRECT IAM policy ?

• A. Allow group /group-uat*/ to manage all resources in compartment Uat
• B. Allow any-user to manage all resources in compartment Uat where request.group=/group-uat/*
• C. Allow group group-uat1 group-uat2 to manage all resources in compartment Uat
• D. Allow any-user to manage all resources in tenancy where target.compartment= Uat

Answer: C

 

NEW QUESTION 50
What is the minimum active storage duration for logs used by Logging Analytics to be archived?

• A. 10 days
• B. 15 days
• C. 30 days
• D. 60 days

Answer: C

Explanation:
https://docs.oracle.com/en-us/iaas/logging-analytics/doc/manage-storage.html#:~:text=The%20minimum%20Active%20Storage%20Duration,be%20archived%20is%2030%20days.
The minimum Active Storage Duration (Days) for logs before they can be archived is 30 days.

 

NEW QUESTION 51
Which statement is true about using custom BYOI instances in Windows Servers that are managed by OS Management Service?

• A. Windows Servers that does not have the minimum agent version requires an agent update or installation.
• B. Windows Servers that does not have the minimum agent version does not require an agent update or installation.
• C. Windows Servers that already has the minimum agent version requires an agent update or installation.
• D. Windows Servers that already has the minimum agent version does not require an agent update or installation.

Answer: A

Explanation:
https://docs.oracle.com/cd/E11857_01/install.111/e15311/agnt_install_windows.htm

 

NEW QUESTION 52
As a security administrator, you want to create cloud resources that align with Oracle's security principles and best practices. Which security service should you use?

• A. Cloud Guard
• B. Security Advisor
• C. Web Application Firewall (WAF)
• D. Identity and Access Management

Answer: B

Explanation:

 

NEW QUESTION 53
As a security architect, how can you prevent unwanted bots while desirable bots are allowed to enter?

• A. Vault
• B. Compartments
• C. Data Guard
• D. Web Application Firewall (WAF)

Answer: D

 

NEW QUESTION 54
......

1z0-1104-22 [Apr-2023] Newly Released] 1z0-1104-22 Exam Questions For You To Pass: https://prep4sure.real4dumps.com/1z0-1104-22-prep4sure-exam.html